I have a SharePoint 2013 SharePoint Hosted app, and I've got some code that works swimmingly well when it's pointed to the host site collection. Part of the requirement is to have it point to a user specified site collection. When I specify another site collection in my farm, it errors:

Access denied. You do not have permission to perform this action or access this resource

Is this possible? I'm guessing this is a security thing in the app model.

Update
Adding some code, since it sounds like this should work. Also my app has Tenant Write permissions.

On the surface this looks like a cross-domain problem, but it is not.
It's actually a traversal problem inside SharePoint resources. What
you really want is for your app to talk to your allowed endpoint (your
app web) and from there you want to internally proxy the call to a
different site collection.

So, does that mean that you are out of luck if you want to use
JavaScript? Nope, we actually have a pretty handy object for you
named AppContextSite. All you have to do is set AppContextSite to
point to the target web you want to talk to.

There is also a code example in the article

EDIT after code snippet added

How are you getting the reference to SP.RequestExecutor.js? Per the blog post above you should load it from the host web:

Updated with more from the article, specifically an interesting part about how to load the SP.RequestExecutor :)
–
Robert Lindgren♦May 16 '13 at 17:09

1

Did you read the updated article where he states Please note that in order for cross-site collection calls to work your app must be deployed as a tenant scoped app by an administrator; this is currently a security restriction of the API.
–
Anders RaskNov 5 '13 at 10:57

Thanks for your answer, and I agree, I do need Tenant Scope, but as I previously noted, I tried that and still received the error. I was working with MS closely on this project and their team had the same problem. Sadly, I have moved to another project and not sure if it is still an issue.
–
David LozziJan 29 '14 at 19:09

I am pretty sure this is in fact a bug. I have tenant scope added, and it does not work when posting
–
hitdrumhardMay 6 '14 at 22:47

Did you deploy your app through the AppCatalog? Deploying it from visual studio will not work.
–
Vardhaman DeshpandeMay 7 '14 at 9:15

By default, a SharePoint-hosted app is allowed to issue cross-domain
calls to the host web, provided that it has proper permissions.
However, a SharePoint-hosted app can also specify a remote host in the
AllowedRemoteHostUrl attribute of its AppPrincipal.

Well here I quote my experience.
As far as developing app for cross site collection access is concerned, my code is working perfectly fine and I am able to access the list on other site collections without any problem.
Now there is a punch here and it has been mentioned by other fellas overhere a number of times. I deploy my app directly onto the app catalog and use the following code:

I used JSOM as well and it also worked fine.
What I have done is that I deploy my app using visual studio directly on to the app catalog site collection (Using site URL property of the project). By doing that I turned my web scoped app to tenant scoped app. Please correct me if I am wrong!
BTW my app is SharePoint Hosted app.
Remember that you cannot deploy an app onto the catalog using normal farm admin account. it has to be managed account that you create for app development (which already has farm admin rights).
Furthermore I could deploy my app, debug it and redeploy during debug session using Fast Deployment Tool.
Hope this brief description helps.
Cheers
Vaqar